The Claude Code Leak: Kairos, Buddy & Anthropic's Hidden AI Roadmap
A routine npm update accidentally exposed 512,000 lines of Anthropic's internal Claude Code source. Researchers digging through the code found a persistent background daemon, an AI that “dreams,” a Clippy-style ASCII pet, a stealth mode for open-source contributions, and a roadmap of features that redefine what an AI coding tool can be.
“The AI coding wars just got a lot more interesting. Anthropic didn't just build a coding assistant — they built an always-on, memory-forming, proactive agent that lives inside your terminal. We know this because they accidentally shipped the source.”
How the Leak Happened
On March 31, 2026, a routine update to the @anthropic-ai/claude-code npm package (version 2.1.88) was pushed with a critical oversight: a 59.8MB source map (.map) file was not excluded from the published package. Source map files are typically used during development to map compiled JavaScript back to its original TypeScript source — they are never meant to ship to production.
Within hours, developers noticed the anomaly. Using standard source map decompilation tools, the community reconstructed approximately 512,000 lines of TypeScript spread across nearly 2,000 files — the complete internal codebase for Claude Code, including disabled feature flags, engineering prompts, and internal project codenames.
Anthropic confirmed the incident as “human error” and issued DMCA takedown notices to GitHub. But by then, mirrors had spread widely. The community had four days to analyze the code before significant portions were removed from centralized platforms.
🔍 Leak at a Glance
Kairos: The Always-On Agent That Never Sleeps
The most consequential discovery in the leaked code is Kairos — a persistent background daemon designed to run even when the Claude Code terminal window is closed. Unlike the standard Claude Code interaction model, which is reactive (you type, it responds), Kairos is fundamentally proactive.
According to the engineering prompts found in the code, Kairos uses periodic <tick> prompts to regularly check whether new actions are required. It maintains a file-based memory systemstoring a model of the user — their preferences, behavioral patterns, the context behind their work, and things Claude should avoid or repeat. The prompt describes it as being designed to “have a complete picture of who the user is, how they'd like to collaborate.”
A PROACTIVEflag found in the code is designed to surface information “the user hasn't asked for and needs to see now” — essentially turning Claude Code from a tool you pull into an assistant that pushes insights to you. As of the leak, Kairos is hidden behind a disabled feature flag. But the engineering work is clearly well underway.
AutoDream: The AI That Consolidates Its Own Memory
Supporting Kairos is a system Anthropic internally calls AutoDream. When the user goes idle or signals Claude Code to “sleep” at the end of a session, AutoDream triggers a reflective process described in the leaked prompts as a “dream — a reflective pass over memory files.”
During this process, Claude Code scans the day's transcripts for new information worth persisting, consolidates it into existing memory files while avoiding near-duplicates and contradictions, and prunes memories that are excessively verbose or newly outdated. The system specifically watches for “memory drift”— a documented failure mode in long-running AI memory systems where stored facts gradually become inconsistent or conflict with newer, more accurate context.
The engineering goal, per the leaked prompt, is to “synthesize what you've learned recently into durable, well-organized memories so that future sessions can orient quickly.” Combined with Kairos, this creates an architecture where Claude Code builds an increasingly personalized, persistent model of each developer over time.
Meet Buddy: The ASCII Pet Living in Your Terminal
On the lighter end of the roadmap sits Buddy, a Clippy-like virtual companion that sits “beside the user's input box and occasionally comments in a speech bubble.” Buddy is a randomized ASCII art creature rendered in a 5-line by 12-column frame, sporting a tiny hat.
The leaked code details 18 different species, including a blob, axolotl, dragon, ghost, capybara, duck, and mossfrog. Each user gets a deterministic species based on their user ID — though the rarity system (from Common at 60% probability down to Mythic at 1%) adds a layer of gamification. Buddy reacts contextually to coding sessions.
Comments in the code suggested Buddy was planned for a teaser window launch between April 1–7, 2026, with a full release in May. The accidental source leak may have disrupted those plans entirely. Unsurprisingly, Buddy became the community's most beloved discovery — developers immediately began writing code to simulate the Buddy experience from the reconstructed source.
/\_/\ ( o.o ) > ^ < 🎩 | | (__|__) 💬 "Nice commit. Keep going!"
Undercover Mode: The Ethical Flashpoint
The most immediately controversial finding is Undercover Mode— a specialized instruction set designed to prevent Claude Code from revealing its identity or Anthropic's internal information when contributing to public open-source repositories.
The leaked prompt for this mode instructs the system that commits should never include the phrase “Claude Code” or any mention that you are an AI, and that it should omit any “Co-Authored-By lines or any other attribution.” The stated primary goal was protecting internal codenames — such as the internal name for Claude Code itself, “Tengu” — from becoming public through inadvertent open-source contributions by Anthropic employees.
However, the instruction to suppress AI attribution broadly raises real ethical questions. Many open-source projects have explicit contributor agreements requiring disclosure of AI-assistance. Security auditors and license compliance teams rely on commit authorship. Anthropic has not commented specifically on Undercover Mode, and it was marked as inactive in the leaked code.
⚠️ Feature Status: Active vs. Planned
The Full Roadmap: Every Feature Found in the Leak
Beyond the headline features, the leaked source reveals a comprehensive blueprint:
UltraPlan: 30-Minute Deep Thinking for Opus-Level Models
UltraPlan offloads complex architectural planning to a remote cloud container running Anthropic's most powerful models (internally codenamed “Fennec,” which corresponds to Opus 4.6). It can run for 10 to 30 minutes of sustained compute time, returning a fully editable plan the user can review and approve before execution. This is Anthropic's answer to the growing demand for AI that can reason over genuinely large, multi-week software projects.
Voice Mode: Now Officially Live
Voice Mode — the ability to talk to Claude Code via microphone — was officially announced by Anthropic on March 3, 2026. Users can activate it with /voiceand hold the spacebar to speak. While not a “leak,” finding it in the source confirmed the community's suspicion that voice was already deeply integrated into the architecture, not a bolt-on feature.
Bridge Mode: Remote Control via Browser or Mobile
Bridge Mode extends Anthropic's internal “Dispatch” tool to allow Claude Code sessions to be fully controlled from an external browser or mobile device. Think of it as remote desktop for your AI coding agent — you could review, approve, or reroute its actions from your phone while it runs tasks on your desktop.
Coordinator: Orchestrating Parallel AI Workers
Coordinator is a multi-agent orchestration system. It would allow Claude Code to spawn multiple worker instances, assign subtasks across them in parallel, and coordinate their outputs via WebSockets. It's positioned as the right tool for large, parallelizable engineering tasks — the kind that currently require a dedicated engineering team to manage in separate terminal windows.
What This Means for Developers
Taken together, the leaked roadmap reveals Anthropic is building towards a fundamentally different relationship between developer and AI tool. The current paradigm is conversational — you ask, it answers. The Kairos/AutoDream/UltraPlan paradigm is agentic — the AI knows you, watches your environment, thinks ahead on your behalf, and coordinates other agents to execute at scale.
This is not a minor product iteration. If even half of the features found in the leak ship within the next 12 months, Claude Code will be less of a coding assistant and more of a software engineering co-founder that happens to live in your terminal.
The ethical dimensions — Undercover Mode in particular — deserve serious industry attention. But the pure engineering ambition on display is remarkable. The leak was an accident. The roadmap is not.
For more on the AI landscape that makes this roadmap possible, read our deep dive into Claude 4.6 vs. Gemini 3.1: the frontier model battle and our analysis of Microsoft Copilot Cowork 2026 — Anthropic's biggest enterprise competitor.
Expert FAQ: Claude Code Source Leak
01.Was the Claude Code source code leak real, or an April Fools' joke?
It was real. The leak occurred on March 31, 2026 — one day before April Fools' — when Anthropic accidentally published a 59.8MB source map (.map file) inside version 2.1.88 of the @anthropic-ai/claude-code npm package. The uncompiled TypeScript was reconstructed by researchers from that source map, confirmed as legitimate by independent security analysts. Anthropic officially acknowledged it as a 'human packaging error' and issued DMCA takedown notices to GitHub shortly after.
02.What is the Kairos daemon in Claude Code?
Kairos is a planned persistent background agent that would continue running even after the Claude Code terminal window is closed. It uses periodic '<tick>' prompts to review whether new actions are needed and includes a 'PROACTIVE' flag for surfacing insights the user didn't explicitly ask for. It reads a file-based memory system to maintain a complete picture of the user's working environment across sessions. As of the leak, Kairos is hidden behind a disabled feature flag and is not yet active for users.
03.Can I get the Buddy terminal pet right now?
Not yet. Buddy is hidden behind a feature flag in the current public build of Claude Code. The leaked code contained comments pointing to a 'teaser window' launch planned between April 1–7, 2026, with a full release in May. The source code leak may have altered those plans. When it does ship, Buddy will appear as a small ASCII art creature — one of 18 species including axolotl, blob, dragon, and capybara — displayed in a 5-line by 12-column animation panel near the user's input box.
04.Is Undercover Mode ethical or legal?
This is legitimately controversial. Undercover Mode is designed to prevent Claude Code from revealing its AI identity, internal Anthropic codenames, or project names when contributing to public open-source repositories. It strips 'Co-Authored-By' metadata from git commits, which many open-source communities expect for transparency and license compliance. Critics argue this is deceptive; Anthropic has not commented specifically on Undercover Mode. It was marked as inactive in the leaked code.
05.What is UltraPlan and how is it different from normal Claude Code planning?
UltraPlan is a feature that offloads complex, long-horizon planning tasks to a remote cloud container running Anthropic's most powerful Opus-level models (codenamed 'Fennec' or Opus 4.6 in the leaked code). It can run for 10 to 30 minutes of dedicated compute time before returning a fully drafted, editable execution plan to your local terminal. This is fundamentally different from the instant, reactive responses of normal Claude Code — it's designed for architectural design decisions, multi-step refactors, and enterprise-scale planning tasks.
06.What internal codenames were revealed in the leak?
The leak exposed several internal Anthropic project codenames, including: 'Tengu' (the internal codename for Claude Code itself), 'Fennec' (Opus 4.6, the most powerful available model), and 'Numbat' (another internal designation whose product mapping remains unclear). These codenames are consistent with Anthropic's pattern of using animal names for internal projects. The leaking of these names was one of the reasons Undercover Mode existed — to prevent such information from appearing in public commits.
07.How does AutoDream work and what does 'memory drift' mean?
AutoDream is a background process that triggers when the user goes idle or ends a session. It performs a 'dream' — a reflective scan of the day's conversation transcripts — to identify new information worth persisting to Claude Code's memory files. It consolidates that information, removes near-duplicates and contradictions, prunes verbose or outdated entries, and watches for 'memory drift,' which is when stored memories become internally inconsistent or conflict with newer, more accurate context. The goal is for Claude Code to start each new session already oriented, rather than rebuilding context from scratch.
08.What did Anthropic say about the leak?
Anthropic confirmed that the incident was caused by 'human error' during the npm packaging process. The company was explicit that no user data, conversation history, API keys, or model weights were exposed — only internal source code and prompt engineering strings. Anthropic issued DMCA takedown requests to GitHub to remove repositories hosting the reconstructed code, though the material spread rapidly to decentralized platforms and was forked significantly before the takedowns processed.